Software-protection techniques are applied in commercial programs to protect them from malware. Their task is to make analysis of the program code more difficult for attackers. Up to this point, it has not been possible to clearly measure the strength of these protection methods. Together with the Belgian University of Ghent, the Institute of IT Security Research at St. Pölten UAS is working on a solution to this problem. With the help of quantitative-predictive models, the measurability of software-protection mechanisms should be significantly improved both in theory and practice.
Search for the optimal protection strategy
Software-protection techniques such as code obfuscation are intended to protect software by intentionally complicating the program code, thus making its analysis more difficult for attackers. Although these techniques have been researched for more than two decades and are frequently used in practice, there are as yet no reliable models that can calculate the strength of the protection mechanisms.
"The lack of such models is highly problematic, both for software providers who lack automated decision-making systems for choosing the optimal protection strategy for their software as well as for malware analysts who have to determine the appropriate analysis strategy in accordance with the protection technology being used", explained Sebastian Schrittwieser, Head of the project and Head of the Josef Ressel Centre TARGET at St. Pölten UAS.
Measurement factors "resilience" and "stealth"
In the EMRESS project, Schrittwieser and his team are developing quantitative-prediction models that will determine the strength of software-protection techniques in terms of two properties: "resilience" (strength of the protection with respect to different analysis strategies) and "stealth" (concealment of the protection).
In both research fields, comprehensive literature studies form the basis for a theoretical description of the body of research knowledge on the arms race between software protection and program analysis. From this, properties of program code should be derived that can be used to quantify the strength of the deployed protective mechanisms and, in the context of malware, to determine the type of protective mechanisms that can be used. The knowledge gained provides the basis for modelling.
In order to verify the modelling hypotheses, prototypical implementations of software-protection concepts in connection with analysis methods will then be subjected to practical tests.
Project EMRESS (Evaluation Models for the Resilience and Stealth of Software Protections and Malware)
The project is funded by the Austrian Science Fund FWF as part of the "Joint Projects" line. It will run from July 2018 to July 2022. The project partner is the Belgian University of Ghent.